Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

site hacked Rate Topic   - - - - -

 
  • gabrieluk
  • Senior Member
  • Members
  • Join Date: 21-Jul 09
  • 133 posts

Posted 30 December 2009 - 12:09 AM #1

hi,
i have a cs cart that was hacked.i found a strange folder in cpanel file manager.I would like to know if there's any exploits for the version 1.3.5 sp4 that i should manually fix.`thanks for any help,as i have to put the shop back on again but i'm concerned.
thanks
Number 1

 
  • Spiral
  • BANNED
  • Banned
  • Join Date: 02-Aug 09
  • 133 posts

Posted 30 December 2009 - 01:22 AM #2

I am not even sure where to begin on answering that one ....

1.3.5 SP4 has got major issues security wise and that is expanded exponentially if you are running it on a DSO (Apache Module) PHP based server with the typical 'recommended' 777 permissions.

It might be possible to compensate for the issues with a large number of rewrites and some extra security layers added to the server but really I would try to get up to at least 2.0.7 bare bones minimum.

 
  • gabrieluk
  • Senior Member
  • Members
  • Join Date: 21-Jul 09
  • 133 posts

Posted 30 December 2009 - 01:37 AM #3

I run my site in the -------- servers,using 644 for files and 755 for all folders...I just downloaded Security Update CS-20080901from the files section in the help desk,and i read all the forums regarding security.One post that called my attention was http://forum.cs-cart...ead.php?t=14197
apart that,i couldn't see any other major vulnerability...Am I wrong CS experts?(even because i know many cs customers are using sp4)And if i would consider the rewriting proposed and extra security layer,how much it would cost ?and it would be enough to cover major vulnerabilities?
Number 1